CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,735 vulnerabilities with CWE-89
CVE-2023-5781 MEDIUM
Tongda OA < 11.10 - SQL Injection via DELETE_STR Function
CVSS 6.3
CVE-2023-5780 HIGH
Tongda OA < 11.10 - SQL Injection via DELETE_STR Parameter
CVSS 7.3
CVE-2023-46584 CRITICAL
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection via new-user-testing.php Endpoint
CVSS 9.8
CVE-2023-4608 MEDIUM
ThinkSystem <v3 - Authenticated SQL Injection
CVSS 4.1
CVE-2023-46358 CRITICAL
Snegurka for PrestaShop <3.5.1 - SQL Injection
CVSS 9.8
CVE-2023-46347 CRITICAL
NDK Design for PrestaShop <1.5.6 - SQL Injection
CVSS 9.8
CVE-2023-43507 HIGH
ClearPass Policy Manager - SQL Injection
CVSS 7.2
CVE-2023-27262 CRITICAL
IDAttend IDWeb < 3.1.052 - Unauthenticated SQL Injection via GetAssignmentsDue Method
CVSS 9.8
CVE-2023-27260 CRITICAL
idweb < 3.1.052 - Unauthenticated SQL Injection via GetAssignmentsDue Method
CVSS 9.8
CVE-2023-27255 CRITICAL
IDAttend IDWeb < 3.1.052 - Unauthenticated SQL Injection via DeleteRoomChanges Method
CVSS 9.8
CVE-2023-27254 CRITICAL
idattend idweb < 3.1.052 - Unauthenticated SQL Injection via GetRoomChanges Method
CVSS 9.8
CVE-2023-26584 CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-26583 CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-26582 CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-26581 CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-26572 CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-26569 CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-26568 CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-5700 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via GWLinkId Parameter
CVSS 5.5
CVE-2023-5693 MEDIUM
CodeAstro Internet Banking System 1.0 - SQL Injection via pages_reset_pwd.php Email Parameter
CVSS 6.3
CVE-2023-38190 HIGH
SuperWebMailer 9.00.0.01710 - SQL Injection
CVSS 8.8
CVE-2023-5682 MEDIUM
Tongda OA < 11.10 - SQL Injection via RECORD_ID Parameter
CVSS 5.5
CVE-2023-5681 MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via /admin/list_addr_fwresource_ip.php
CVSS 4.7
CVE-2023-37824 CRITICAL
sitolog_application_connect < 7.8.a - SQL Injection via activate_hook.php
CVSS 9.8
CVE-2023-4999 HIGH
Horizontal scrolling announcement < 9.2 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
Details
Vulnerabilities 19,735
Exploit Likelihood High